12 lines
676 B
YAML
12 lines
676 B
YAML
|
add_response_headers:
|
||
|
Access-Control-Allow-Origin: "*"
|
||
|
Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
||
|
Access-Control-Allow-Methods: "GET, HEAD, POST, PUT, DELETE, OPTIONS"
|
||
|
Content-Security-Policy: "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self';"
|
||
|
Permissions-Policy: "microphone=(), camera=(), geolocation=(), interest-cohort=()"
|
||
|
Referrer-Policy: "no-referrer-when-downgrade"
|
||
|
Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
|
||
|
X-Content-Type-Options: "nosniff"
|
||
|
X-Frame-Options: "SAMEORIGIN"
|
||
|
X-XSS-Protection: "1; mode=block"
|